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(57) Abstract: A Baseline DVB-CPCM is presented in this proposal to provide a secure and interoperable content delivery and 
transferring apparatus. The proposed Baseline DVB-CPCM is a unit to be implemented in a oonipliant CPCM device, and it con- 
sists of five major modules to be used for end-to end solution and content transferring between devices. These modules are CPCM 
Manager, Tools Box, Ri^ts Management Module, Message Router, and CAS-CPCM Converter. 
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DESCRIPTION 
APPARATUS OF A BASELINE DVB-CPCM 
TECHNICAL FIELD 

The present invention relates to content protection and copy management used 
in broadcasting, content distribution, Video-On-Demand, especially to such 
applications where the protected content is delivered, and transferred between 
devices which can consume the content and save the content in a storage in a 
secure manner. 

BACKGROUND ART 

Contents will be available easily to consumers as digital technology and media 
processing power become more and more advanced. Not like analogue media, 
digital media almost has unlimited number of copies with good qualify. Thus as 
content owner, or content operator they will have much concern about the 
dangerous if content is not protected well. 

Digital TV (DTV) broadcasting has been widely deployed in the world. So far 
there is not much concern about the content protection and security. However 
as new generation DTV-STB (Set-Top-Box) that has local hard disk and digital 
interface like IEEE 1394, etc. is laundied, content assodation, movie industries, 
and media owners are starting to worry about the content protection and copy 
management. Before having a complete and very secured DTV-STB, a secured 
content delivery and transferring mechanism, as well as a secured transmission 
channel, they would not allow to release contents to such applications. 
Therefore many parties in the world including standard bodies like MPEG, DVB, 
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TVAnytime, content companies, CE (Consumer Electronics) manufacturers, as 
well as security technology providers, etc., are gathering together to work on a 
both interoperable and secure end-to-end solution to the content protection and 
copy management in such application scenario. 

5 

Content distribution and video-on-demand is also becoming more and more 
demanding as multimedia data and contents can reach to anywhere and 
anytime. User is happy with the convenience and flexibility, and they can enjoy 
entertainment easily and efficiently. 

10 

On the other hand, content owners are trying to meet the customer's needs but 
at the same time they also worry about the illegal usage of their property: There 
is a balance between two sides. 

15 In MPEG standardisation group, people are working towards to standardise an 
IPMP (Intellectual Property Management and Protection) system that involves 
compliant temiinal. All the terminals can play back a protected content that is 
encrypted and protected by following the same IPMP standard, no matter what 
kinds of IPMP tools they use. 

20 

DVB consortium has also issued Call for Proposal for CPCM (Content 
Protection and Copy Management), to mainly focus on content delivery from 
operator to receiver and content transfem'ng from one DVB-CPCM device to 
another in a both secure and interoperable manner. 

25 

The current DVB receiver as a DVB device cannot fulfil the both secure and 
Interoperable requirement, especially for content transfemng between DVB 
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receiver and other storage devices Wke PVR, etc., wliich lias not addressed 
before. 

Basically the prior art for an existing DVB receiver is shown in Figure 1. to 
5 indicate how a content is delivered to DVB receiver in a secure but private way. 

Related invention is disclosed in Japanese Patent Application Nos. 2001- 
265908 and 2001-058236 which are filed by the present applicant 

10 To design an interoperable and secure device to be used In content delivery or 
transmission in a secure manner; 

To design an interoperable and secure device to be used in content transferring 
between such devices In a secure manner; 

15 

In the above-mentioned cases, content is protected against illegal use of the 
property and granted usage is properiy managed and carried from one device to 
another within authorised domain. 

20 DISCLOSURE OF INVENTION 

The device according to the present invention has the following elements. 

A means for using a standardized Baseline DVB-CPCM unit to be implemented 
in a compliant CPCM Device; 

26 

A means for using sub modules of the Baseline DVB-CPCM, as well as their 
functions and behaviours; 
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A means for using a set of messages for content transferring, tool transferring, 
mutual authentication between compliant CPCM Devices, as well as interfacing 
with proprietary CPCM tools (plug-ins); 

6 

A means for using a set of Identifiers for content management and domain 
management; 

A means for using CPCM Information and their sub Information which Is carried 
10 in a content, as well as a set of syntaxes and their semantics for such 
Information to indicate the format of a protected content where protection 
infomnatlon and content usage information are embedded. It is used by content 
provider or service operator as the standard mean to wrap up content with other 
infomnation, and at the same time it Is used by CPCM Device makers as the 
15 specification to build their compliant CPCM Devices. 

A means for using a unified and generic XML based schema to be able to 
express various kinds of usage rights and rules by difTerent parties. 

20 According to a device of the present invention, the invention of Baseline DVB- 
CPCM solves the problem of protecting digital content from broadcasting, 
copying and/or transferring, and it provides good Interoperability. 

25 The Invented Baseline DVB-CPCM is the unit to be Implemented in a compliant 
CPCM clevlce, and it consists of five modules to realise most of the functions 
requested by security and interoperability. 
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CPCM Control Information and CPCM Stream are defined in to provide 
specification for both operator and manufacturer to follow to have world-wide 
inter-operabillty, it includes CPCM Tool List, Rights Holder, and Tool Container. 
5 In specifying a compliant CPCM Device, a Baseline DVB-CPCM is Invented 
including CPCM Manager, Tools Box, Rights Management. Message Router, 
and CAS-CPCM converter, to fulfil most of the functions for content protection 
and copy management 

10 Messaging interface and several messages are defined here for content or tool 
transferring between CPCM Devices, as well as for interfacing with proprietary 
CPCM plugnns. 

"XML structured or binary rights language can be included in CPCM Rights Holder to 
1 5 provide usage rules associated with each content, program or even elementary streams. 

BRIEF DESCRIPTION OF DRAWINGS 

Figure 1 shows the prior art of an Existing DVB-STB to Receive Protected 
Content by using Different CA Systems. 

20 

Figure 2 shows the invented DVB CPCM STB with End to End Solution. 

Figure 3 shows the Structure of CPCM protected content - MPEG2 system. 

25 Figure 4 shows Illustration of the Function of Rights Management used for End 
to End Solution in the Broadcasting Case: 
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Figure 5 shows Illustration of the Function of Rights Management used for End 
to End Solution in the content distribution case; 

Figure 6 shows Illustration of the Tool Retrieving Function of CPCM Manager. 

5 

Figure 7 shows Content Transmission t)etween CPCM Devices. 

BEST MODE FOR CARRYING OUT THE INVENTION 

In the present invention, a parameter named "authorized domain" is newly 

10 provided, which specifies one or more local networks. Only 
reproduction/recording devices within the local network specified by the 
authorized domain can be authorized to perform one of reproduction and copy 
of CPCM (content protection and copy management) protected content so that 
the content can be fully secured in transferring between the devices within the 

15 network. 

The authorized domain Is defined when a user makes a contract of content 
subscription with a content provider. Terms of the contract may be varied 
according to characteristics of the local network such as numbers and/or types 
20 of the devices within the local network assigned the same domain. 

For example, the authorized domain <ian be set by adopting a part of an IP 
address of the device within the local network. More specifically. In the case of 
the device with an IP address "dvdplayer1.seno.dri.mei.co.jp", the authorized 
25 domain may be "seno.drt.mei.oo.jp". Then,, all the devices having IP address 
"seno.drl.mei.co.jp" can be authorized to perfonm one of reproduction and copy 
of the contracted content Note that a domain specifies a logical unit of a 
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connection between the devices, whidi are not necessary in the form of a 
networic 

The basic structure of the invention is first explained. 

(1 ) On the content provider or operator side in a CPCI\fl environment 

1 . Content is encoded using existing coding technology like MPEG-2 or 
MPEG-4, and encrypted using existing and defined encryption tools like DES or 
AES. Watermari^s for copy contrcrf maybe emt>edded in the content before the 
encoding. The encryption key is encrypted again using pre-defined encryption 
tool, to result in an encrypted encryption key and the license key that is used to 
encrypt the encryption key. 

2- At the same time, the ContentID is generated. 

3 . CPCM Tools List indicated by ToollD is also fonned based on what tool is 
used to protecting the content 

4 . CPCM Rights Holder contains usage rights and rules specified by content 
owner. These usage rights and rules can be made specific to each piece of 
content (by using of ContentID), or each program under one content (by using 
of programNumber in MPEG2 system), or even each elementary stream under 
one program (by using elementary_PID in MPEG2 system). The above- 
mentioned license key can be canied in CPCM Rights Holder, or it can be 
delivered to CPCM de>nces via some secure means, a return channel or smart 
card. 
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5 . CPCM Control Graph is created if necessary according to the detail 
protection and usage rules applied to different control point; 

6 . CPCM Tool Container Is formed by canrying necessary CPCM Tool In a 
protected format; 

7 . CPCM Stream is created to hold the above-mentioned encrypted 
encryption key and any other control information for protection, such as time 
stamps, tool configuration messages, etc. 

All the above CPCM information is carried in PSI in MPEG-2 system standard, 
and it is called CPCM Control Information. 

(2) On the content receiver side in the same CPCM environment: 

A protected content is delivered to a compliant CPCM Device, and Baseline 
DVB-CPCM unit will function by activating its sub modules: 

1 . Rights Management module will retrieve CPCM Rights Holder information. 
Usage rules and states associated with the content are parsed. These include 
usage rights of each program, elementary stream, copy information on whether 
or not the content (or a program) can be transferred between CPCM devices in 
the same authorized domain. If the license key is carried in CPCM Rights 
Holder, it is also retrieved after the Rights Management module makes sure that 
this device has the right to access a particular content or program. If not, the 
license key is obtained elsewhere through a secure means, maybe a smart card. 



wo 03/039155 PCT/JP02/11126 

9 



2 . CPCM Manager module will retrieve CPCM Tool List and call up the tool 
indicated by TooliD in tlie list if there is such tool in Tools Box of Baseline DVB- 
CPCM. If there is no such tool in the case of a new tool or upgraded tool, 

5 missing tool downloading or retrieving will be conducted in three ways: sending 
ToolRequest to another CPCM Device; retrieving tools from the content (if there 
is tools carried in Tool Container Descriptor); remotely retrieving missing tool 
from a URL site. The newly obtained tool will be used as proprietary CPCM 
tools (plug-ins). 

10 

3 . In the case of playback only, the license key stored in buffer of Baseline 
DVB-CPCM will be called to decrypt the encrypted encryption key in Vtie CPCM 
Stream. The reconstructed key will be used to decrypt the encrypted content 
one unit by one unit synchronously, to play back the protected content \Mthout 

15 content storing. 

4 . In the case of storing content on the top of playback. Usage rules and 
rights carried in the CPCM Rights Holder will be further retrieved and verified to 
see whether there is copy right for this program or content. In the case of 

20 broadcasting, program number like ProgramNumber is used to identify the 
usage right applied to which program, while in the case of content dstribution, 
ContentID vwll be used to kJentify the usage right applied to which content 

After usage rule verification perfonned, the protected content will be played 
25 back in the same way as indicated in the abov&Hfnentioned playback case. At 
the same time the encrypted content will be saved in the storage of a CPCM 
device, together with CPCM information (CPCM Tool List, CPCM Rights Holder, 
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CPCM Control Graph, CPCM Tool Container, and CPCM Stream where the 
encryption ke^ is not encrypted). 

(3) Protected content transferring between two compliant CPCM Devices: 

5 

It is assumed that the protected content stored in CPCM Device A, together with 
CPCM Control Information. CPCM Device B is owned by the same user and 
considered to be in the same authorized domain. ■ 

10 In the case of content distribution, the same CPCM_DomainlD corresponding to 
one registered user has been issued as a certificate and registered to all user's 
CPCM devices when he makes subscription via a return channel, smart card, or 
other means. 

16 This CPCM_DomainlD as a certificate Is securely transmitted, delivered, and 
registered into user's CPCM devices, or it is registered into user's CPCM 
devices via a piug-in smart card. This CPCM_DomainlD registered in Baseline 
DVB-CPCM of user's CPCM devices is used as Hardware's identifier or 
authorized domain identifier. 

20 

A password assigned by the service operator may be used in this registration 
process. All the bill for pay-per-view or content purchase will be charged to 
users based on their own CPCM_DomainlD and the password. All his 
registered CPCM devices are considered to be in the authorized domain with 
25 the same certificate of CPCM^DomainlD. 

Within the same domain, each of the CPCM Devices is also assigned a 
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CPCM_DevicelD to identify itself and to be used as address for messages 
sending and receiving between two CPCI\4 devices. Eadi CPCIVi device will 
also have a key generation module to generate a pair of public key and private 
key to use to encrypt and decrypt the encryption keys in CPCM Stream. 

5 

\Mien CPCM Device B wants to obtain a protected content/program wiiich is 
stored in the CPCI\/I Device A, it will send a ContentRequest message to the 
device A. together with: 

a ) the ContentlD/ProgramNumber of the requested content/program; 
10 b) CPCM_DomainlD in the device B; 

c ) the public key — PublicKey on-line generated by (or previously embedded 
in) Baseline DVB-CPCM of the device B; 

d) the CPCM_DevicelD of the device B; 

15 The Baseline DVB-CPCM of device A receives the ContentRequest messages 
with the CPCM__DomainlD and the PublicKey, and it will verity: 

a ) whether device B is In the authorized domain. It Is done by either doing a 
mutual authentication with Device B using certificates through mutual 

20 . authentication messages, or simply by checking the received CPCM_DomainlD 
against with its own CPCM^DomainlD; 

b ) whether there is such content/program with the ContentlD/ProgramNumber 
(programNumber is used In broadcasting case); 

c ) Whether there is such copy right for the requested content/program by 
25 calling the Rights Management Module to check the usage rules carried in 

CPCM Rights Holder. 

d ) If the above-mentioned three steps are passed through, the encryption key 



BNSOOCIO: <WO_0303916SA«_I_> 



wo 03/039155 



12 



PCT/JP02/11126 



carried by CPCM Stream which is stored in the device A, is encrypted by the 
received PublicKey and re-fonnfi a CPCM Stream attached to the protected 
content; 

e ) Finally the requested content vi^ll be transferred from the device A to the 
5 device B together with the CPCM information where some CPCM Information 

may be changed; 

f ) If Copy right is Copy Once in the CPCM Rights Holder, then Copy Once will 
be changed Into Copy No More; 

g ) If the copy right information is carried in video embedded by watemiaridng, 
10 then a watermarking extracting tool will be called up from Tools Box to extract 
the copy right information. In this case if the copy right is Copy Once, then a 
watermarking embedding tool will be called up to embed Copy No Mbre to the 
same video content; 

15 (4) CPCM tool transferring between two compliant CPCM Devices: 

It is assumed that CPCM Tools are stored in the module of Tools Box of 
Baseline DVB-CPCM in the CPCM Device A 

20 CPCM Device B receives a protected content and retrieves CPCM Tool ListBut 
when it is found that the tool required with ToollD Is missing or cannot be found 
from the Tools Box of Baseline DVB-CPCM In the device B, the device B will 
send ToolRequest messages to the device A to request such tool, and the 
messages include: 

25 

a) the CPCM_DomainlD of the device B; 

b) the ToollD of the requested tool; 
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c) the CPCM__DevlcelD of the device B; 

CPCM Rights Management module in the device A receives the ToolRequest 
messages with the CPCKf!_DomainlD and the ToolID, and it will verify: 

a ) whether device B is in the authorized domain. It is done by either doing a 
mutual authentication with Device B using certificates through mutual 
authentication messages, or simply by checking the received CPCM^DomainlD 
against with its own CPCM_DomainlD; 

b ) whether there is sudi tool with the ToolID, by looking up the tool table list 
stored in the local memory such as RAM which is inside the Baseline DVB- 
CPCM of the device A; 

c ) whether it is allowed for the tool to be transfenred to another device even in 
the authorized domain, according to the transferring status for the requested 
tool; 

d ) If the above-mentioned three steps are passed through, the requested tool 
will be transferred from the device A to the device B, together with its 
transferring status; 

Embodiment 

A preferred embodiment of the invention will be described below with reference 
to the drawings. 

Figure 1 shows the prior art for the current typical DTV system, and DVB-STB 
with a private CA system is shown as the receiver here as an example. 
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In unit 1.0 Content Owner issues content to different operators with certain 
basic and common usage rules for the content; 

In unit 1.1 Operator A creates protected content using its tool and format 
5 altfiough MPEG-2 standard is used here for audio, video and system encoding. 
The format of usage rules, the protection mechanism including protection tools 
used here, is based on a proprietary specification A. So a CA module in unit 1.2 
based on such specification B has to be used to attach to the DVB-STB 1, in 
order to be able to receive and interpret in unit 1.3, and consume the protected 
10 content in unit 1.4. 

The same way is applied to Operator B and DVB-STB 2. 

15 In unit 1.6 Operator B creates protected content using its tool and format 
although MPEG-2 standard is used here for audio, video and system encoding. 
The format of usage rules, the protection mechanism including protection tools 
used here, is based on a proprietary specification B. So a CA module in unit 1.6 
based on such specification B has to be used to attach to the DVB-STB 2, in 

20 order to be able to receive and interpret in unit 1.7, and consume the protected 
content in unit 1.8. 

The same way is applied to Operator C and DVB-STB 3. 

25 |n unit 1.9 Operator B oneates protected content using its tool and format 
although MPEG-2 standard is used here for audio, yndeo and s^em encoding. 
The format of usage oiles, the protection mechanism including protection tools 
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15 

used here, is based on a proprietary specification C. So a CA module in unit 
1.10 based on such spedfication C has to be used to attach to the DVB-STB 3, 
in order to be able to receive and interpret In unit 1.11, and consume the 
protected content in unit 1.12. 

5 

It is shown from the above mentioned situation, if DVB-STB 1 wants to receive 
and consume contents delivered by Operator B and C besides Operator A. user 
of DVB-STB 1 has to buy more than one CA systems which may cause much 
more than what user is not willing to pay. 

10 

On the other hand it is also not possible for such DVB-STB to fulfil secure 
oontent storing arKi secure content transferring between different devices by 
carrying the same usage rules. 

15 Furthermore there is no any compatibility among all the existing CA systems, so 
that the cost for having the same DVB-STB be able to receive and consume 
contents from as many as operators would be very large to consumers. 

As new generation DVB-STB would have local storage embedded in the STB to 
20 not only receive but also store received content. Besides that, content 
transferring between such devices induding Personal Video Recorder (PVR) 
would become demanding. So it Is necessary to define a new DVB device to 
realise both interoperable and secure content delivery and transferring from end 
to end and also between such devices. 

25 

End-to-End Solution 
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Based on this invention, a future compliant DVB CPCM STB will contain a 
Baseline DVB-CPCIVI Module that is pre-implemented or embedded in a DVB 
STB, shown as in Figure 2. 

5 An end to end solution based on DVB CPCM STB with the invented Baseline 
DVB-CPCM Is illustrated in Figure 2. The Baseline DVB-CPCM is specified, 
including its sub-function modules, CPCM Manager, Tools Box, Rights 
Management Module (Usage States & Rules Parser), CAS-CPCM Converter 
between a private CAS (ECM & EMM) and CPCM Usage States & Rules, as 

1 0 well as Message Router which transmits all necessary messages. 

Figure 3, the structure of MPEG-2 content protected by CPCM system is shown. 

As shown In Figure 3 a CPCM protected content will contain CPCM Control 
15 Infonnatlon including CPCM Tool List, CPCM Right Holder and CPCM Tool 
Container, as well as CPCM Stream. CPCM Control Information Is earned in 
PSI (Program Service Infonnation) in MPE6-2 system, while CPCM Stream is 
carried as a specific elementary stream. 

20 There are two possible Use Cases for the above DVB CPCM STB. 

1 ) In the case content is protected and managed by the standardized DVB 
CPCM system: 

25 Content will be encoded and encrypted with certain usage rulas. and 
distributed/transmitted with other usage infonmatlon that depends on user 
subscription, to DVB CPCM STB. 
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Here since all elements, like encryption tool, and usage rules encoding, are 
based on the CPCM system, so Baseline DVB-CPCM, which is embedded In 
the STB will call up the decryption tool in the Tools Box, parse the usage rules 
5 by Rights Management Module, and then process the protected content. 

The encryption key is encrypted again and carried in a CPCM Stream. The key 
used to encrypt the encryption key, i.e., license key is either carried In Rights 
Holder, or made known to the DVB CPCM STB in some secure way, either via 
10 smart card, or via a return channel like modem line. 

Rights Management module in the invented Baseline DVB-CPCM of a 
complaint CPCM device will act for the following functtons, as shown in Rgures 
4 and 5. 

15 

In the Figure 4 for the case of broadcasting, the protected content with Its 
CPCM information is passed to Rights Management (RM) module in the unit 1, 
and CPCM Rights Holder will be retrieved in this module. Usage Rules and 
possibly the license key are carried in the CPCM Rights Holder. 

20 

In the first step in the unit 2 as shown In Figure 4, RM checks the content 
carried in CPCM Rights Holder against the CPCM_DomalnlD which user is 
entitled to receive and has registered into user's CPCM device, to verify 
whether this device is eligible to consume the content. 

26 

• If the above result is negative, then the RM will generate an output message 
saying: you are not authorized, as shown in unit 3. 
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• If the above result is positive, then the RM will retrieves the license Key either 
from Rights Holder or smart card In unit 4 to be ready for decrypting the 
encrypted encryption key which Is canied In the CPCM Stream. 

In the next step, the RM will check user's request or preference between Play or 
Play & Copy in unit 5. 

• in the case of "Play only" requested by user, the retrieved License Key in unit 
4 will be passed to unit 8 for decrypting the encrypted encryption key. The 
following step is to de-scramble the protected content In unit 9 and playback the 
content in unit 10. 

• In the case of Play & Copy request by user, the RM will retrieve the Usage 
Rules in unit 6 to verify whether there Is copy right to save the current content 
(or program In broadcasting case) in the storage in the complaint CPCM device. 

• If the above result is negative, then the RM will generate an output 
message saying: Copy/Move is prohibited, as shown in unit 7. 

• If the above result Is positive, then the retrieved License Key in unit 4 will 
be passed to unit 8 for decrypting the encrypted encryption key. The following 
step Is to de-scramble the protected content in unit 9 and playback the content 
in unit 10. At the same time, in unit 11 the reconstructed encryption key is 
saved in Rights Management module for later use. The protected content is 
stored in local storage in the CPCM device in unit 12. 
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In the Figure 5 for the case of content distribution, the protected content with its 
CPCM information is passed to Rights ly^anagement (RM) module in the unit 1, 
and CPCM Rights Holder will be retrieved in this module. Usage Rules and 
possibly the license Icey are canied in the CPCM Rights .Holder. 

In the first step in the unit 2 as shown in Figure 5, RM checks CPCM_DomianlD 
carried in CPCM Rights Holder against the CPCM_DomianlD which has 
registered into user's CPCM device, to verify whether this device is in the 
Authorized Domain and is eligible to consume the content 

• If the above result is negative, then the RM will generate an output message 
saying: you are not in authorized domain, as shown in unit 3. 

• If the above result is positive, then the RM will retrieves the license Key eitiier 
from Rights Holder or smart card in unit 4 to be ready for decrypting the 
encrypted encryption key which is earned in the CPCM Stream. 

In the next step, the RM will check user's request or preference between Play or 
Play & Copy in unit 5. 

• In the case of "Play only" requested by user, the retrieved License Key in unit 
4 will be passed to unit 8 for decrypting the encrypted encryption key. The 
following step is to de-scramble the protected content in unit 9 and playback the 
content in unit 10. 

• In the case of Play & Copy request by user, the RM will retrieve the Usage 
Rules in unit 6 to verify whether there is copy right to save the current content 



03a39165A2.l_> 



wo 03/039155 



PCT/JP02/11126 



20 

(or program In broadcasting case) in flie storage in tiie complaint CPCM device. 

• If the above result is negative, then the RM will generate an output 
message saying: Copy/Move is prohibited, as shown in unit 7. 

5 

• If the above result is positive, then the retrieved License Key in unit 4 will 
be passed to unit 8 for decrypting the encrypted encryption key. The following 
step is to de-scramble the protected content in unit 9 and playback the content 
in unit 10. At the same time, in unit 11 the reconstmcted encryption key is 

10 saved in Rights Management module for later use. The protected content Is 
stored in local storage in the CPCM device in unit 12. 

In Figure 6. it is shown how CPCM Manager retrieves a tool, and obtains a 
missing tool in different ways. 

15 

As in Figures, CPCM Tool List is passed to CPCM Manager module in unit 1 to 
retrieve the requested tool. In unit 2 Tools Box will be looked up to search for 
the requested tod. If the requested tool exists in the Tools Box, the tool will be 
activated for functioning in unit 3. Othenwise the CPCM Tool Container will be 
20 checked if it exists, shown in unit 4. 

If the requested tool can be found in unit 4, then the tool will be retrieved from 
the CPCM Tool Container and saved in the Tools Box in unit 6. Otherwise the 
requested tool will be obtained from another CPCM device by sending a request 
25 message in unit 6. 

If the tool request is accepted, then the tool will be transfen-ed over and saved 
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in the Tools Box in unit 7. Otiierwise the reply message will tell the reasons for 
the failure in unit 8. 

In unit 9 a CPCM Plug-in module will be checked to see if there is such 
6 requested tool to use. If no, the requested tool has to be retrieved from remote 
side via a return channel, URL, or other means in unit 11. 

2 ) In the case content is protected and managed by a private CAS system: 

10 Content will be encrypted by control word in an ECM, and transmitted with their 
own fomiat of EMM, to DVB CPCM STB. 

Since ECM and EMM are based on the private format of the CAS system, so a 
corresponding private CAS module is required in the DVB STB to decrypt and 
1 5 process the protected content 

As shown in Figure 2, a CPCM plug-In module (CAS-CPCM converter), such as 
Smart Card with DVB compliant Common Interface (CI), is provided by the CA 
vendor to receive and playback such content 

20 

Communications between a CAS-CPCM converter module and the Baseline 
DVB-CPCM module in the compliant CPCM device is realized across a DVB 
compliant Common Interface (CI). CAS is Conditional Access System. 

25 Next, mapping between CA system and Baseline DVB-CPCM for Storage is 
described. 
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In the case if the content is just for playback, there is no necessity to conduct 
mapping. However, in the case if the content Is granted to store in the DVB 
CPCI\/I STB for future transferring in the authoring domain, a CAS-CPCM 
converter module with DVB compliant Common Interface (CI) is required to map 
the Usage Rules used in the private CA system to CPCM format for the Usage 
Rules. Besides mapping usage rules, the content also needs to be decrypted 
by the private CA system, and then be encrypted again by the Baseline DVB- 
CPCM, to store in the STB in an encrypted form together with their CPCM 
Control information (CPCM Tool List, CPCM Rights Holder, etc) as well as 
CPCM Stream to hold the encryption key and other relevant information. 

The following table shows the Functions of Each Modules Illustrated in Figure 2 
for the end to end solution. 



Table 1 : Functions of Each Modules Illustrated in Figure 1 



Module Name 


Functions 


Operator/Server Side 




Rights Authoring Tool 


Editing of XML based Usage Rules and converting it 
into Binary format 


Content Authoring 
Tool 


Encoding and editing the content 


Watermarking Tool 


Embedding watermark on video or audio 


MPEG-2 Encoder 


Creating MPEG-2 compliant AudioA/ideo/System 
streams 


CPCM Control 
Infomiation Encoder 


Creating CPCM Tool List, CPCM Rights Holder 
Descriptor, CPCM Tool Container, CPCM Control 
Graph 



wo 03/039155 



PCT/JP02/11126 



23 



CPCM Tools 


Encrypting a stream, hashing of CPCM Control 
Information, etc. 


Usage States & Rules 
Encoder 


Selecting and encoding usage rules based on 


CPCM Stream 
Generator 


uiuriypuiiy uie didypuon rvGy lo genersie oivi 

Sfrft^im Oth^r informafinn that a r*Or^lV/I i/^rkl n^^^HG 

can also be put in CPCM stream with proper 
timestamp. 


Private ftAR 


wperaucin OT duy propneiary sysiem. 


Receiver/Client Side 






M oianaaruizea unii consisnnQ ot several suo- 
modules that does CPCM functions in a compliant 


CPCM Manager 


Managing tools box. parsing tool list, retrieving 
CPCM tools; Content and Domain management; 


Tools Rnyc 


i-4r\lrlinn oil Aviefinn /^D/^H^ TAnie^* 

nuiuiiig dii ^Aioiing or^v^ivi i ooiSy 
Performing CPCM Tools function; 


Rights Management 


Parsing Binary (XML optional) based Usage Rules 

wai 1 II 1 rviyi lio nwiucri L/c?o(i»i i|L/iOi , diiU conu OlS ine 

consumption or copy of content. 


Message Router 


A conceptual entity within Baseline DVB-CPCM that 
provides Messaging Interface between proprietary 
CPCM toots or compliant CPCM Devices. 


CAS-CPCM converter 


Conversion of Proprietary CAS Usage Rules into 
CPCM Usage Rules (CPCM Rights Holder 
Descriptor) across DVB Common Interface (CI), Re- 
Encryption, fomning of CPCM Stream. 
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Next, Baseline DVB-CPCM used in Transmission between CPCM Devices is 
described. 

5 Transmission between two compliant CPCM devices is realized through a 
standardized Baseline DVB-CPCM module Message Router that is pre- 
impiemented in all CPCM devices. The communication is through messaging 
interface to provide jnteroperability, as shown in Figure 7. 

10 Messages via Message Router (MR) provide the following transmissions 
between CPCM devices: 

• Content transferring firom one to another, 

• CPCM Tool transferring firom one to another; 

15 

the following identifications are defined to use for content management and 
user database management during content transferring and rights 
authentication. 

20 Table 2 Parameters defined for Content Transfening in Authorized Domain 



IDs defined for Content 
Management and 
Authorized Domain or 
User Database 
Management 


Definition and Usage 


ContentID 


An identifier assigned to each content for 
content management 
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CPCM_DevlcelD 


An identifier assigned to eachi CPCIVI 
compatible device to use as address for 

sendina and recsivina ma^^ano^ 


CPCM_DomainJD 


An identifier may obtain from Operator upcMi 
user registration and used for several CPCM 
Devices in the same Authorized Domain. 



It is assumed that an encrypted content is stored in CPCM Device A with CPCM 
Rights Holder containing its Usage Rules and the encryption key. 

1 ) Content Request Message Sending from CPCM Device B to CPCM Device 
A 

Now CPCM Device P sends message via Message Router to request certain 
content with the ContentlD/ProgramNumber or possible elementary PIDs, as 
well as its CPCM_DomalnlD. Besides these parameters, CPCM Devica R also 
generates one pair of keys and sends the PublicKey together with the above 
parameters to CPCM nftvir.ft a shown as in table 3. 



Table 3 Content Request Messages 



Messages 


Length 


Notes 


ContentlD/ProgramNumber 


4 bytes 




CPCM_DomainlD 


4 bytes 




PublicKey 


16 bytes 





15 

2) Verification - Mutual Authentication 
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Then, the CPCM Device A receives this message with all the parameters, 
searches ContentlD/ProgramNumber in the storage, and verifies 
CPCM_DomianlD against its CPCM_DomianlD by CPCM Rights l\^anagement 
module in the Baseline DVB-CPCM. At the same time it checl<s the usage rules 
for the requested content/program, and finally grants copy or move right by 
sending a reply message to CPCM__Device_B. 



10 



The reply message fbnnat is shown in Table 4, Including error reporting. 
Table 4 Response Message for Content Request 



Reply Message & 
Codes 


Error Reporting 


Note 


No 


00 


No such content. 




No 


01 


You are not in the authorized 
domain. 




No 


10 


Prohibit in Copy/Move mode 




Yes 


11 


Transferring is allowed 





3 ) On-line Encryption for the Encryption Key to create CPCM Stream 

15 After finishing the above Rights Authentication, the encryption key stored 
together with the content In CPCM Device A, will be encrypted by the PublicKey 
received firom CECMJDfiyjj^ to fonn a CPCM Stream. 

4) Content Transfarring from CPCM Devir.!^ a CPCM Device R 

20 
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Now the requested content, together >wth Usage Rules (may changed) and the 
formed CPCM Stream, is transferred from CPCM Device A to CPCM Device R 
securely via secured channel. 

5 5) Tool Transferring Between CPCM Device A and CPCM Device B 

CPCM Manager in CPCM Device B retrieves CPCM Control Information carried 
In PSI of MPEG-2 TS stream to obtain CPCM Tool List CPCM Manager 
checks the CPCM Tool List against with Tools Box in CPCM Device B , and 
10 cannot find the Tool Indicated by ToollD. This may happen for the case where a 
new or upgraded CPCM Tool is used but the CPCM Device B does not 
implement 

In this case CPCM Device B has three ways to obtain the missing CPCM Tool. 

15 

a ) CPCM Device B sends Tool Request Message to CPCM Device A via 
Message Router, to request the Tool with the ToollD. At the same time it also 
sends its CPCM_DomainlD to CPCM Device A. The Tool Request Messages 
format is shown as in Table 5. 

20 



Table 5 Tool Request Message Format 



Tool Request Message 


Length 


Note 


ToollD 


2 bytes 




CPCM_DomainlD 


4 bytes 





CPCM Device A receives the Tool Request Message, it may choose to do a 
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mutual authentication with Device B, and checks Tools Box with the ToollD for 
the transfening pemiission status as shown in Table 6. 

Table 6 Tool Description In a Tools Box of CPCM Device 

5 



1 OOliD 


Num 
ber 


Function 


Source 


Status for 
Transferring 


OOCX}0001 


1 


Enarypttoni 


Pre-implemented 


No 


00000002 


2 


Encryption2 


Prenmplemented 


No 


00000004 


4 


Encryptions 


PreHmpiemented 


Yes 


00000006 


6 


Digital Sign 


Pre-implemented 


Yes 


000000010 


10 


Watermarking 
Embedding 


Pre-lmplemented 


No 


00000001 1 


11 


Watermarl<ing 
Embedding 


PreHmpiemented 


Yes 


000000012 


12 


\A/of orm a rlc inn 

Detection 




yes 


000000020 


20 


Encryption20 


Loaded from CPCM 
Device 


Yes 


000000021 


21 


Encryption21 


Loaded fipom Content 
Stream 


Yes 


000000022 


22 


Encryption22 


Loaded from Plug-in 
module 


Yes 


000000023 


23 


Encryption23 


Loaded from Remote 
URL 


Yes 



If the status is yes, theri CPCM Device A will send reply to CPCM Device B, 
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followed by sending the Tool with its associated description to CPCM Device B. 

b ) As shown in table 6, the missing tool also can be retrieved from the content 
stream carried In CPCM Tool Container; 

c ) As shown in table 6, the missing tool also can be obtained firom another 
CPCM device; 

d ) As shown in table 6, the missing tool also can be retrieved from the r^ote 
URLs via a return channel or other means, which is out of this scope of the 
proposal; 



Next standardized components In the baseline DVB-CPCM is described. 

Those function modules used in a Baseline DVB-CPCM are listed in the Table 7 
15 below. 



Table 7 Function Module of Baseline DVB-CPCM 



Module Name 


Function Description 


Suggestion 


1. CPCM 
Manager 


Content Management 
Authorized Domain Management 
CPCM Control Information Retrieval 
(Tool List, CPCM Rights Hdder, Tod) 


normative 


2. Tools Box 


Holding CPCM Tools and their 
Description 

Performing Tool's Function 


normative 


3. Rights 
Management 


Parsing Usage States & Rules (from 
Rights Holder Descriptor in CPCM 


normative 
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Control Infonmatlon) and Storing them 
in a secure table with its ContentID 




4. Message 
Router 


Providing message interface to 
CPCM devices; Routing messages 
between proprietary CPCM tools 
(CPCM plug-ins) and device; Routing 
messages between CPCM devices. 


normative 


5. CAS-CPCM 
converter 


Transcoding Proprietary Usage Rules 
into CPCM Rights Holder Descriptor 
via CI; Controlling re-encryption using 
CPCM Tools in Tool Box for storage; 
Forming CPCM Stream. 


Optional for 
CPCM Devices; 
Used for 
backward 
Compatibility for 
private CAS; 


All Types of 
Message Format 







As shown in the Table 7, except the last module, all other five modules 
including their functions and behaviors, are needed to be normative and 
standardized to provide woridwtde interoperability. 

The message format firom/to Message Routers between CPCM devices and 
proprietary CPCM tools (plug-ins) will be normative, and it is used for Content 
transferring, Tool transferring, mutual authentication between CPCM devices, 
as well as interfacing with CPCM plug-ins. 

Interfaces between different modules inside a Baseline DVB-CPCM are not 
defined here, and it is implementation matter Even the interface between 
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Baseline DVB-CPCM and DVB STB is also not defined here as long € 
Baseline DVB-CPCM fulfils all the functions that are defined here. 
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CLAIMS 

1 An apparatus of a Baseline DVB-CPCM (Digital Video Broadcasting for 
Content Protection and Copy Management) on sender side used in a complete 
business environment, said apparatus distributing a CPCM protected content in 
which content protection and copy management (CPCM) Infomiation for CPCM 
is attached to an encrypted content stream, said apparatus comprising: 

means for generating said encrypted content stream on the 
content owner side or operator side; 

means for generating said CPCM information which specifies an 
authorized domain which is authorized to perfomi one of reproduction and copy 
of said CPCM protected content; 

means for generating said CPCM protected content by attaching 
said CPCM Infonnation to said encrypted content stream; and 

means for delivering said CPCM protected content 



2. An apparatus of a Baseline DVB-CPCM (Digital Video Broadcasting for 
Content Protection and Copy Management) on receiver side, comprising: 

means for receiving a CPCM protected content stream with its 
CPCM Infonnation and CPCM stream in CPCM device, said CPCM infom,atlon 
specifying an authorized domain which is authorized to perfomi one of 
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reproduction and copy of said CPCIVl protected content; 

means for retrieving said CPCM information by said CPCIV1 device 
to verify against prewegistered infomiation in a Baseline DVB of said CPCIVi 
5 device to see whether said CPCIVI device is in an authorized domain; 

means for retrieving said CPCM infomiation by said CPCM device 
to decrypt said encrypted content stream; 



10 



25 



means for storing the content in a protected forni in said CPCM 

device; and 



means for transferring the CPCM protected content from said 
CPCM device to another complaint CPCM device in a secure manner, after 
15 authenticating they are belong to the same authorized domain. 



3. An apparatus of a Baseline DVB-CPCM (Digital Video Broadcasting 
for Content Protection and Copy Management) used for end^o^nd solution on 
20 sender side, comprising: 

means for generating a CPCM protected content stream on the 
content owner side or operator aide; 



mean^fbr fbrniFhg a Tool ti^oe CPCM Tool List to list all the tools used 
to protecting said content by using a tool ID code to .>o assigned to any tool 
used for protecting said content including such as encryption, watem«.^ 
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embedding, >A^emiarklng detecting, digital 



signing; 



means for oreaSng a CPCM ConM Graph to ten a or^- 
"sfng«fl«^toCsind«re«mppsi«on; P~«-*on sequence 

meansfbrcrea«ngaCPCMToo,ComalnertocanyaCPCM.o,- 
certain cPCM Tool ID; °°' 

means tor forming a CPCH« stream to cany key -.r^^, 
infomiation, and tims ■ , "ifoimation. control 

n, ana ome stamp infomiation which are related .iv,. • . 
ofusingsaidtoolstopn^ectsaidc^ntent *^ ""^-matlon 

CPCmZ! ^ """" "-""^'"3 CPCM TOO. us. 

CPCM Rights Holder. CPCM Control Graph CPCM t^i /. 

CPCM St^m in the s.tem la^ . ^ - - 

.ogether with said CPCM p^tec^ content stream- ™' ^ 

means for assignino Content ID as «>nteM ^ 
management on both operator side and user Side; and 

means for delivering said CPCM protected content with its said CPCM 
ntom»«on to CPCM device in a sec.™ manner, said CPCM device belonging 
to said authortzed domain set by speci^ng CPCM_DomainlD as ,spc„ 
Domain Identifier for authorized domain tnanagemem 
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4. An apparatus of a Baseline DVB-CPCM (Digital Video Broadcasting 

for Content ProtecUon and Copy Management) on receiver side, comprising: 

means for receiving a transmitted content by a CPCM device; 

means for authorizing said CPCM device to see whether it belongs to 
said authorized domain; 

means for retrieving said CPCM information Included in said transmitted 
content by said CPCM device to obtain said protection infomiation; 

means for verifying said usage rules of content by said CPCM device 
1 5 before taking acUon on user's request; 

means for decrypting said CPCM protected content using said retrieved 
CPCM information by calling up CPCM tools from said CPCM device or a 
proprietary CPCM Plug-in module If the requested CPCM tool Is missing In said 
20 CPCM device; 

means for playing back said decrypted content to said usen and 

means for storing the CPCM protected content with its CPCM information 
25 in said CPCM device If said user has such request 



wo 03/039155 



36 



PCT/JP02/11126 



5. An apparatus of a Baseline DVB-CPCM (Digital Video Broadcasting 
for Content Protection and Copy Management) used for content transferring 
between devices, comprising: 

means for setting a set of messages for content transferring with the data 
structure for several parameters used for content transferring; 

means for receiving a Content Request Message which is sent with 
several defined parameters by CPCM device B to request a content transferring 
from CPCM device A; 

means for verifying said several parameters received by said CPCM 
device A with the data pre-saved in said CPCM device A which is CPCM 
information specifying an authorized domain vnhich is authorized to perform one 
of reproduction and copy of said CPCM protected content, to authenticate 
whether said CPCM device A and B are In the same domain, whether the 
requested content is In said CPCM device A, whether there Is such copy/move 
rights attached to said content; 

means for sending a Content Response Message with several reply 
messages for different cases by said CPCM device to said CPCM device B, 
after the above said verification; and 

means for sending the requested content from said CPCM device A 
together with Its CPCM Infonmatlon to said CPCM device B in a secure manner 
If the above said reply is positive. 
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6. An apparatus of a Baseline DVB-CPCM (Digital Video BfX)adcasting for 
Content Protection and Copy Management) used for CPCM tool transferring, 
comprising: 

5 

means for setting a set of messages for tool transferring with the data 
structure for several parameters used for tool transferring; 

means for sending a Tool Request Message with several defined 
10 parameters by CPCM device B to request a tool transferring from CPCM device 
A; 

means for verifying said several parameters received by said CPCM 
device A with the data pre-saved in said CPCM device A which is CPCM 
15 information specifying an authorized domain which is authorized to perform one 
of reproduction and copy of said CPCM protected content, to authenticate 
whether said CPCM device A and B are in the same domain, whether the 
requested tool is in said CPCM device A, whether the requested tool is allowed 
to transfer to another CPCM device; 

20 

means for sending a Tool Response Message with several reply 
messages for different cases by said CPCM device to said CPCM device B, 
after the above said verification; and 

25 means for sending the requested tool from said CPCM device A together 

v\^th its status for transfening to said CPCM device B in a secure manner if the 
above said reply Is positive, 
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\A/herein said CPMP device B retrieves said CPCM tool from other 
sources if tlie ebove said reply is negative. 

6 

7. An apparatus of a Baseline D\^-CPCM (Digital Video Broadcasting for 
Content Protection and Copy Management) comprising: 

CPCM Manager module for the Baseline DVB-CPCM, to retrieve CPCM 
10 information thiat is placed in a system layer of a received content stream, and to 
process said CPCM Too List information and retrieve CPCM tools indicated by 
TodiD in said CPCM Tool List; 

15 Rights Management module for the Baseline DVB-CPCM, to retrieve 

said CPCM Rights Holder information for domain authentication, usage rules 
verificaGon, and session key delivery if it is necessary; 

Tools Box module for the Baseline DVB-CPCM, to hold the possible 
20 defined CPCM tools or tools transferred and retrieved from other sources, and 
to activate the requested tool for performing its function; 

Message Router module for the Baseline DVB-CPCM, to use for 
message interface for sending and receiving message between CPCM devices, 
25 espedally for communication between a compliant CPCM device and a 
proprietary CPCM Piugnn module; 
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CAS-CPCM Converter module for the Baseline DVB-CPCM, to use for 
converting usage rules set by an existing CA (Conditional System) system 
across the DVB compliant common interface (CI) for backward compatibility; 

5 Key Generator module for the Baseline DVB-CPCM, to generate a pair of 

keys for secure content transferring. 

8. An apparatus of a Baseline DVB-CPCM for generating a protected 
10 content stream on the content owner side or operator side in daim 3, further 

comprising: 

means for embedding copy control information in a content using 
said CPCM tools, such as v^^termarking, if there is such requirement; 

15 

means for encoding a content based on existing formats such as 
MPEG-2 using encoding tools, to form a content stream; 

means for encrypting said content stream using said CPCM tool to 
20 form a protected content 

9. An apparatus of a Baseline DVB-CPCM for generating content 
protection and copy management (CPCM) control information and generating 

25 content protection and copy management (CPCM) stream in claim 1, 
comprising: 
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means for forming a Tool List as CPCM Tool List to list all the tools used 
to protecting said content by using a tool ID (identifier) to be assigned to any 
tool used for protecting said content including such as encryption, watermarking 
embedding, watermarking detecting, digital signing; 

means for creating CPCM Rights Holder by including usage mles, copy 
rights, etc. which is related to said content in a specific format; 

means for creating a CPCM Control Graph to tell a protection secpjence 
using different tools in different position: 

means for creating a, CPCM Tool Container to carry a CPCM tool with 
certain CPCM Tool ID; 

means for forming a CPCM Stream to carry key information, control 
information, and time stamp information which are related to those information 
of using said tools to protect said content 

10. An apparatus of a Baseline DVB-CPCM for sending a Content 

Request Message with several defined parameters by a CPCM device B to 
request a tool transferring from another CPCM device A in claim 5, further 
comprising means for sending a Content Request Message with the ContentID 
for the requested content, the CPCM_DomainlD for domain authentication, and 
the PublicKey for using to encr^t encryption key. 
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11. An apparatus of a Baseline DVB-CPCM for sending a Tool Request 
Message with several defined parameters by a CPCM device B to request a 
tool transferring from another CPCM device A in claim 6, further comprising 
means for sending a Tool Request Message with the ToollD for the requested 

5 tool, the CPCM_DomainlD for domain authentication, and the PublicKey for 
using to encrypt said tool. 

12. An apparatus of a Baseline DVB-CPCM for retrieving said CPCM tool 
10 from other sources if the above said reply is negative in claim 6, further 

comprising means for downloading from said other sources via a return channel, 
a defined URL, or other means in a secure manner. 

15 13. An apparatus of a Baseline DVB-CPCM for sending a Content 

Request Message and sending Tool Request Message in claims 5 or 6, further 
comprising: 

means for using a defined CPCM_DevicelD as CPCM Device Identifier 
20 for its CPCM devices within the same authorized domain; 

means for using said CPCM_DevicelD to send a message to a CPCM 
device that has said CPCM_DevicelD, and at the same time using another 
CPCM_DevicelD for the message sender's address. 



<VK>_aaas8i68A2. i .> 



V/O 03/039155 



PCT/JP02/11126 



1/7 




BNSOOCID: <WO_03039166Aa.L> 



wo 03/039155 



PCT/JP02/11126 



2/7 



CNsI 



Message Router 



CD 

i 



o 

O 
I 

fiO 
0) 



a> 

€0 
CO 

m 



8 

0) 



o © 

58 



o 



8 



O 



I 



o o 

I- CD 



CPCM Manager 



T 



s = 

O 



O 

c 
c 

CQ 
O 

c 



a> 



Protected Content with Usage Sates & Rules 




•3 c: 

^ .S2 

= 3 E 

o .£2 S 



BNSOOOO: <WO_(»0391S5A2lL> 



wo 03/039155 



PCT/JP02/11126 



3/7 




BNSOOCID: ^aiVQ_O303915&Aa.L> 



wo 03/039155 



PCT/JP02/11126 



4/7 



Fig.4 



CPCM Rights Holder Information: 
Usage Rules and possibly license key 



Rights Management 



r 




Yes 



"You are not In the 
Authorized Domain' 



Retrieve License Key 




Copy 

Authorized 



^6 


Copy 




Inhibited 






Prohibit in 


Copy/Move- mode 



[Peayptong the enacted enayptfon 



Save the 
reconstructed key 
in the CPCM 
Device 



I 



Decrypting the encrypted encryplion k^ 



Decrypting the 
encrypted content 



12 



Save the 
protected content 
in storage if the 
CPCM device 



Decrypting the encrypted content 



i r 



10 



Playback the 
content 



10 



Playback the content 



BNSOOCIO: <WO_03a3915SA2J_> 



wo 03/039155 



PCT/JP02/11126 



5/7 



Fig. 5 



CPCM Rights Holder Information: 
Usage Rules and possibly license key, 
CPCM_DomainID 



"You are not in the 
Authorized Domain" 



Copy 

Authorized 




^ ^8 

[Peciypting the enaypted enayption key 



Prohibit in 
Copy/Move mode 



11 



Save the 
reconstructed key 
in the CPCiy/l 
Device 



I 



9 



8 



Decrypting the enaypted enayption l(ey 



Decrypting the 
encrypted content 



12 



Save the 
protected content 
in storage if the 
CPCi\4 device 



9 



Decrypting file encrypted content 



10 



Playback the 
content 



^0 



Playback the content 



BNSOOCIO: <WO_09039166A^I_> 



wo 03/039155 



PCTAWOl/lllie 



6/7 



Fig.6 



CPCM Tool List 
lnformation:Tool ID, 
etc. 



CPCM Manager 



Yes 




Not Found 



Can get from 
CPCM Tool 
Container 



Found 



Call up the tool with ToollD 



Retrieve from CPCM 
Tool Container 



Yes 



6 



Canaet from another 
J^PCM device 



8 



"there Is no such Tool or you 
are not in the authorized domain" 



Retrieve from another 
CPCM Device 



Retrieve from a 
remote side, or URL 



Can use the tool 
provided by a CPCM 
^lug-In modul§, 
7 



Using the tool provided by a 
CPCM Plug-in module 



BNSOOCID: <WQ_03aa8156AU_^ 



wo 03/039155 PCT/JP02/11126 



1/1 



CPCM Manager 



o 
% 
<S 

of 

I 

8 
1 



O 
O 



o 

Q. 

O 

i 

0) 

c 
"35 

CO 

<0 
CO 



8 

9 go 
531 



a> 

E 
o> 

to O) 

•*S CO 

-S. = 
ITS 



CQ 

8 
1 

Q 



O 
Q. 
O 



to 

o o 



Message Router 



.2> 




Message Router 



o 
o 



8 

Si 

If 

o o 



8 
o 



c: 
a> 

E 
o> 

CO g> 

•ts cu 
■& 
.SP CD 



< 
8 

Q 



O 
O 



JO 

o o 

h-GQ 



CPCM Manager 



eNSOCX^ID: •<WOL.03Q38165A^J.> 



(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Oi^anization 
International Bureau 




iiiiiPiiiiiiiiiiiiwiiiiiiiiiiinii 



(43) International Publication Date (10) International Publication Number 

8 May 2003 (08.05^003) pCT WO 03/039155 A3 



(51) International Patent Classification^: H04N 7/24, 
7/16, 5/913 

(21) International Applieation Number: PCT/JP02/1 1126 

(22) International Filing Date: 28 October 2002 (28.10.2002) 



(25) Filing Language: 

(26) Publication Language: 



English 
English 



(30) Priority Data: 

2001-330827 



29 October 2001 (29. 10.2001) JP 



(71) Applicant (for all designated States except US): MAT- 
SUSHITA ELECTRIC INDUSTRIAL CO^ LTD. 

[JP/JP]; 1006, Oaza Kadoma. Kadoma-shi, Osaka 
571-8501 (JP). 

(72) Inventors; and 

(75) Inventors/Applicants ^or US only): SHEN, Sheng 
Mei [SG/SGJ; Block 20. Choa Chu Kang Street 64, 
#03-02 \\^ndennere, 689093 Singapore (SG). JI, Ming 
[CN/SG]; Block 10. Geylang East Avenue 2, #02-09, 
389758 Singapore (SG). HUANG, 2^ongyang [CN/SG]; 
Block 8, HoUand Avenue #20-30, 271008 Singapore (SG). 



TAN, Jek Thooo [SG/SG]; Block 56, #02-30. Choa Chu 
Kang North 6. Yew Mei Green. 689577 Singapore (SG). 
SENOH, Takanori [JP/JP]; 1-24-8. Higashinakaburi. 
Hirakata-shi, Osaka 573-0093 (JP). 

(74) Agents: AOYAMA, Tamotsu etal.; AOYAMA & PART- 
NERS, IMP Building, 3-7, Shiromi 1-chome, Chuo-ku, Os- 
aka-shi, Osaka 540-0001 (JP). 

(81) Designated States (national): AE, AG, AL. AM. AT, AU. 
AZ. BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 
CZ, DE, DK, DM. DZ, EC. EE, ES, FI. GB, GD, GE, GH, 
GM, HR, HU. ID, IL. IN. IS, KE, KG, KR. KZ, LC, LK, 
LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, 
MZ, NO, NZ, OM, PH, PL, PT, RO, RU. SO, SB, SG, SI, 
SK, SL, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, 
VN, YU, ZA, ZM. ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW. MZ, SD. SL, SZ. TZ. UG, ZM, ZW), 
Eurasian patent (AM, AZ, BY. KG, KZ, MD, RU, TJ, TM), 
European patent (AT, BE, BG, CH. CY, CZ, DE, DK, EE, 
ES. FI, FR, GB, GR, IB, IT. LU, MC. NL, PT, SE, SK, 
TR), OAPI patent (BF, BJ, CF, CG, CI, CM. GA, GN. OQ, 
GW, ML, MR, NE, SN, TD, TG). 

[Continued on next page] 



(54) Title: APPARATUS OF A BASELINE DVB-CPCM 




Content 

Authorrng 
Tool 



Watemiarking 
Tool for 
Copyright 
Protection 
Or Copy 
Control 



MPEG-2 
Encoder 



CPCM Control 
InfbrmatkMi Encoder 



t t 



Bioryption 
Tool, eta 



Usage 
Rules 
Encoder 



CPCM Stream 
Generator 



o 

o 



CO 



Co 
TJ 
m 



0>ntant 
Creation 



^ Private CAS pr* 

I l[ * 

Content 
Distribution & 
Transmission 



DVB-STB 



O 
o 



D3 
=3 
D> 



Baseline DVB^PCM 



Tools 
Box 



Management 



CAS-CPCM 
Converter 
With CI Interface 



CI Interface 



Private CAS 
(CPCM Plug-in) 



T3 
o 



Return Channel 



IT) 
IT) 

On 

2 

(57) Abstract: A Baseline DVB-CPCM is presented in this proposal to provide a secure and interoperable content deliveiy and 
^ transferring apparatus. The proposed Baseline DVB-CPCM is a unit to be implemented in a compliant CPCM device, and it con- 
^ sists of five major modules to be used for end-to end solution and content transferring between devices. These modules are CPCM 
^ Manager, Tools Box, Rights Management Module, Message Router, and CAS-CPCM Converter. 



BNSDOCIO: <WO__0303915&A3J_> 



wo 03/039155 A3 liliiilliilliiiiiiHiiiilfi • 



Published: 

— with international search report 

(88) Date of publication of the iateraational search report: 

4 December 2003 



For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin* 
ning of each regular issue of the PCT Gazette. 



BNSOOClOe <WGLJ0a039156A3J.> 



